IT services firm Atos is investigating a potential security breach in response to reports that employee credentials were found in malware used to target the Winter Olympics.

The malware used to target the Winter Olympic Games in Pyeongchang, South Korea, has reportedly identified a potential breach at Atos, the worldwide IT partner of the International Olympic Committee (IOC).

The IOC said the issues had been resolved quickly, but declined to comment on the details, saying only that the IOC was making sure its systems were secure.

It has subsequently emerged that the malware, commonly referred to as Olympic Destroyer and initially identified by Talos researchers, was used in the attack.

According to the Talos researchers, the malware required the login credentials of Olympics staff to propagate quickly and spread a destructive payload, which deletes files.

Samples of the malware were uploaded to the VirusTotal malware analysis site, revealing that the code contained Atos employee credentials and suggesting that those behind the attack had penetrated an Atos network in December 2017, which points to how the attackers were able to access the required credentials, according to CyberScoop.

Some of the malware samples were uploaded from France, where the report notes that Atos is headquartered, and Romania, where some members of the Atos security team are based. If the intrusion and the link to the Olympic Destroyer malware are confirmed, the cyber attack on the Winter Games will be yet another example of the importance of supply chain security.

Atos told the news site that it is investigating a potential breach with the help of McAfee’s Advanced Threat Research team and law enforcement, but added: “Credentials embedded in the malware do not indicate the origin of the attack.”

Russia, China and North Korea have all been blamed for the cyber attack on the Olympics, but most security experts admit that attribution is extremely difficult, while others argue that attribution is irrelevant, and that the focus should be on the economic impact of attacks and reducing that impact.

According to research by security firm Recorded Future, analysis of malware code similarities in Olympic Destroyer has yielded many leads, but “no conclusive attribution”.

However, the researchers said Olympic Destroyer should be treated with a high level of concern, because of the destructive nature of the malware and its potent mechanisms to spread laterally.

They also noted that the co-occurrence of disparate code overlaps in the malware may indicate a false flag operation, attempting to dilute evidence and confuse researchers.

Priscilla Moriuchi, director of strategic threat development at Recorded Future, said attribution continues to be important because it shapes the victim, public and government responses.

“However, accurate attribution is both more crucial and more difficult to determine than ever because adversaries are constantly evolving new techniques and the expertise required to identify a sophisticated actor keeps increasing,” she said.

Juan Andres Guerrero-Saade, principal security researcher in the Insikt Group at Recorded Future, said complex malware operations give cause to re-evaluate research methods to ensure the research community is not being misled by its own eagerness to attribute attacks.

“The Olympic Destroyer campaign comes at a precarious time of geopolitical tensions with several possible perpetrators, but conclusive proof in any one particular direction has not yet been shared,” he said.
